On 11/17/18 12:40 PM, Neal Gompa wrote:
On Sat, Nov 17, 2018 at 10:42 AM John Florian
> On 11/16/18 9:38 PM, Neal Gompa wrote:
>> On Fri, Nov 16, 2018 at 8:02 PM John Florian <jflorian(a)doubledog.org>
>>> On 10/31/18 6:29 PM, Ken Dreyer wrote:
>>>> Hi folks,
>>>> I'm working on some native Ansible modules to manage Koji resources.
>>>> (This is not about installing Koji, it's just a way to declaratively
>>>> define things within Koji, where you might normally use the koji CLI.)
>>> Since we're on the subject, I should mention that I have a pretty
>>> complete Puppet module for managing my entire Koji installation. The
>>> documentation is only sufficient if you're already familiar with Koji
>>> deployments and Puppet, but otherwise should look quite familiar.
>>>  https://github.com/jflorian/doubledog-koji
>> This is neat! Does your puppet module support configuring Koji with
>> Kerberos auth as an alternative to SSL cert auth?
> Not ATM, but I've been intending to add that support. It should be
> quite easy, but it's just a matter of finding time. I have two Koji
> deployments: the day job and at home. Home is the only one where I have
> the opportunity to explore and play and once I've worked out the kinks I
> sneak it into work as it's generally an overall improvement. My home
> setup is never what I want though for my time is torn in a thousand
> different directions and that's just the IT side of my life. That all
> said, I'm easily manipulated to sway my priorities! ;-)
There are three reasons for my interest:
* I'm trying to find a good method for building a self-contained Koji
appliance image that will set up Koji systems properly. I've not found
a good Ansible playbook for doing this, so I'm considering using
Puppet for this instead.
* I'm trying to find a good module/manifest for setting up Koji for
Mageia that supports Kerberos and configuring stuff properly. Mageia
infrastructure is managed with Puppet, so it's ideal to have a good
module for that. The other manifests/modules I've found so far are
either horribly underdocumented (at which point I don't know how to
use them) or lack the necessary capability to set up a Fedora-like
* One of the places I'd like to set up Koji uses Puppet as well, so it
works out well if there's a complete module that can be leveraged.
I think my module would be a great starting point then. Once I started
using Puppet, I went all in so that all my servers and workstations are
100% managed from a minimal install. It was shortly after the RH bought
Ansible and Fedora went that way, but I was too deep already, though I
very much like Ansible, if not actually prefer it. I know Puppet deep
enough to know where the warts are and there's quite a few.
Anyway, my Koji setup mimics Fedora's in many ways because that was the
example I had to learn from ... and it wasn't all that long ago they did
x509 auth too. So, if you interested, I'd love to team up and knock in
the Kerberos support because I've seen plenty of evidence of how active
you are in FOSS and I'm always trying to give back more myself.
Consider me inspired. I think you'll find my module docs good but not
excellent ... they really would benefit from some examples, but as you
know there's a lot of ways a Koji deployment can be put together.
Still, an all-in-one setup for small sites is probably the best example
because bigger sites are going to know how/where they want to be
different. I think my module is flexible enough for just about any use
case -- I'd aimed for that with the auth parts being the one exception
because if I'm not using it, I'm not testing it.
I also have a Sigul module for signing at